I needed to enable the Help Desk to be able to modify permissions on mailboxes. I put the help desk security group in the Exchange Recipient Administrators group. That gives them the ability to modify Exchange attributes but would not allow them to modify permissions on a mailbox. The next available role was “Exchange Organization Administrator” but I couldn’t give them full access to Exchange. I opened a case with Microsoft and we came up with the following Powershell command:
That gives them the necessary rights so that they can modify permissions on mailboxes. Any time a new database is created we will have to run the command against it to give the Help Desk the necessary permissions.